search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Apple iTunes fails to properly handle overly long URLs in playlists

Vulnerability Note VU#377368

Original Release Date: 2005-01-14 | Last Revised: 2005-01-14

Overview

A buffer overflow vulnerability in iTunes could allow a remote attacker to execute arbitrary code.

Description

Apple iTunes is a digital media player available for the Microsoft Windows and Mac OS X operating systems. It supports a variety of playlist formats including .m3u and .pls. A playlist allows a user to organize the order in which media files are played. In addition to media files, URLs to digital streams can be included in a playlist. There is a buffer overflow vulnerability in the way iTunes parses URL entries in .m3u and .pls playlist files. If a remote attacker creates a specially crafted playlist containing an overly long URL, a buffer overflow will occur and could lead to arbitrary code execution.

Impact

By convincing a user to load a specially crafted .m3u or .pls playlist file into iTunes, an attacker could execute arbitrary code with the privileges of the user.

Solution

Install Update


Apple has addressed this issue in iTunes version 4.7.1. For further details, please refer to the iTunes 4.7.1 section in the Apple Security Advisory.

Vendor Information

377368
 

Apple Computer Inc. Affected

Updated:  January 14, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please refer to the iTunes 4.7.1 section of the Apple Security Advisory.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

iDEFENSE credits Sean de Regge for reporting this vulnerability

This document was written by Damon Morda.

Other Information

CVE IDs: CVE-2005-0043
Severity Metric: 30.38
Date Public: 2005-01-11
Date First Published: 2005-01-14
Date Last Updated: 2005-01-14 18:26 UTC
Document Revision: 12

Sponsored by CISA.